- Products
- Learn
- Local User Groups
- Partners
- More
On-Premise SD-WAN Management
Register HereWhat's New in R82.10?
Watch Here AI Security Masters E8:
Claude Mythos: New Era in Cyber Security
CheckMates Go:
The Moment Before
Hi,
I have enabled Checkpoint URLF with HTTPS Inspection enabled. All is working fine, except I am getting cert trust issues with the block page. (R80.40)
Can anyone advise how I export this block page cert so I can trust it in users browsers? Or if there is some other guidance?
Also, is enabling UserCheck required in order to serve the block page, or is that something different? I have that enabled.
Thanks.
D
You can import a certificate enrolled from your internal CA to the usercheck page of the gateway properties. Your clients should trust these CA. If you‘re using the default certificate, your clients have to trust your internal Check Point CA of the managementserver. You can export the public certificate from the managementserver.
Thanks Wolfgang, is there a simple way to export this certificate from the SMS GUI?
In addition to what Wolfgang state .... from my notes
We require an SSL certificate on the GW's as the page presented with the BLOCK message, is HTTPS and is using the Platform Portal (as it seems) .
They say to follow :https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
But it’s better to follow :https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
(as I've use it previously )
Cheers Sorin, seems a bit confaluted. Id like to just extract whatever cert is being currently served for block page.
Yes Sorin, serving of blockpage shows connection error, or client not trusting the cert.
So, for clarification, I must generate a self signed cert to avoid errors? Is there definitely no way to export whatever cert Checkpoint is providing by default? - I find this surprising.
For sure you can export it, is the same you get when accessing the UserCheck portal It's not an on-the-fly generated one.
After that you will need to et it on all the clients in trusted certs, therefore my recommendation is to look for a centralized CA/certificate solution, then you just need to trust the Root CA and all the rest will follow.
Could I extrapolate from the below message that one must use a self signed cert to avoid errors i.e. the auto-generated cert is not extractable?
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
| User | Count |
|---|---|
| 70 | |
| 23 | |
| 7 | |
| 5 | |
| 4 | |
| 4 | |
| 4 | |
| 3 | |
| 3 | |
| 3 |
Tue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 20 Aug 2026 @ 10:00 AM (PDT)
AI Security Masters E13: READY OR NOT: Securing the AI Ent 5/5 - AI Research & Threat LandscapeTue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 20 Aug 2026 @ 10:00 AM (PDT)
AI Security Masters E13: READY OR NOT: Securing the AI Ent 5/5 - AI Research & Threat LandscapeAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY